CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1033 – openBI Datament.php agent information disclosure
https://notcve.org/view.php?id=CVE-2024-1033
The manipulation of the argument api leads to information disclosure. ... Dank Manipulation des Arguments api mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://note.zhaoj.in/share/nD654ot6zRQZ https://vuldb.com/?ctiid.252308 https://vuldb.com/?id.252308 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7204 – WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-7204
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides El complemento WP STAGING WordPress Backup anterior a 3.2.0 permite el acceso a archivos de caché durante el proceso de clonación, lo que proporciona The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions before 3.2.0 via the cache files. This makes it possible for unauthenticated attackers to extract sensitive data. • https://wpscan.com/vulnerability/65a8cf83-d6cc-4d4c-a482-288a83a69879 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21382 – Microsoft Edge for Android Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-21382
Microsoft Edge for Android Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Edge para Android • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382 • CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23619 – IBM Merge Healthcare eFilm Workstation Hardcoded Credentials
https://notcve.org/view.php?id=CVE-2024-23619
A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. • https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23506 – WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-23506
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. Este problema afecta a InstaWP Connect – 1-click WP Staging & Migration: desde n/a hasta 0.1.0.9. The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 0.1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information. • https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •